MIT scales up Kerberos security system for Internet


January 1995

Network Security

companies with ‘fleets’ of remote laptops and PCs. It includes a feature that recovers files created by employees no longer available to decrypt them. RSA also announced an encryption algorithm that it claims could replace the US government’s aging Data Encryption Standard algorithm. Security Technologies Inc has announced Digital Notary System, which it claims can irrefutably certify the contents and time of creation of digital records, including those used in electronic commerce. The system, which affixes a tamper-proof digital time stamp, could be used by lawyers who want to establish the time of evidence or contracts.

MIT scales up Kerberos security system for Internet

Erin English

The Massachusetts Institute of Technology (MIT) believes its proprietary Kerberos authentication security system is ready to expand out into the Internet community. The system, which currently serves around 25 000 MIT users, eliminates the sending of readable passwords across not-so-secure network links. Kerberos consists of a distributed software set that allows users access through multiple encrypted exchanges. The user’s name is the only piece of information that is not encrypted. Additionally, the system makes cryptographic checks to ensure that information is not interfered with when passing through workstations and servers.

Kerberos 4, the current version of the system, is designed for performing local authentication at a site. The Institute is currently perfecting Kerberos 5, available at an unspecified date this summer, which will be “more flexible” and compatible with more applications, said Ted Ts’o, a systems programmer with MIT.

Basically, MIT says there will never be one, large Kerberos server managing the Internet. But researchers hope that more interspersed individual sites will adopt Kerberos as the method of security. That will depend on public acceptance of the authentication method, as well as a price competitive with firewall services.

“The thing is, a lot of protocols are already designed,” Ts’o said. “But they have completely punted on security issues, because on a public network it doesn’t matter.”

“What I’d like to see is better authentication technology so that [Internet] sites have a choice other than firewalls,” Ts’o said. “Good security is expensive, and takes more administration and good passwords. Not everyone is willing to pay for that, so corporations use firewalls - it’s a good cheap solution and has all sorts of flaws.”

Ts’o explained that while firewalls are like “putting armed guards at inter-state freeway exits”, Kerberos is like “a good, really strong front door lock” where armed guards are deemed unnecessary. “However”, Ts’o said, “Kerberos alone will never be the solution to the multitude of security problems on the Net”.

A new certification programme for network security

Erin English

Come April, US network managers will have a new way of establishing a level of professionalism within the company they work for: a network security certification programme. The examination was the brainchild of the International Information Systems Security Certification Consortium (ISC2), a group of US and Canadian agencies who believe that security practitioners desperately need a certification programme to justify their skills. While the test is originally planned for administration in the US, ISC2 programme director Rick Koenig says that the group hopes interest in the States will have “a ripple effect”, and other countries will accept the method of testing.

Network managers who have three years of field experience qualify to take the exam. They must then pass an intense 250-question, four-hour examination on virtually all areas of network security to obtain a certificate. Communication architectures, cryptography, system security, access control and disaster recovery are just some of the areas in which test-takers must display a sufficient amount of knowledge.

Koenig says that the certification programme should offer network managers several benefits in addition to plain old personal satisfaction. Because the exam is “not a shoo-in”, he says, it should highlight a manager’s qualifications to existing or potential employees. “Hopefully”, he said, “an increased acceptance of security programs will result”.

©1995 Elsevier Science Ltd